In communication systems where the user terminals and/or users are sometimes mobile, many applications require the ability for a network entity or peer to contact a device. At the same time, preventing unauthorized traffic to users and equipment is important, because any public network with constrained radio resources will involve some cost, and it is often a concern to ensure that no unwanted traffic goes to the device. Unfortunately, this goal is often in conflict with the goal of making the device easily reachable from other devices. For instance, a device monitoring a vehicle or goods transport may roam in various different countries, and receiving unwanted traffic on the device's address could be costly at roaming data transfer rates. In particular, such a device is often energy constrained, as it often relies on an internal power supply with no or limited possibility of recharging.
Today, visibility of a device in a network is arranged in various ways. One way is that a device polls some central server often enough to get any messages that have arrived for it. Another possibility is that the device keeps a Network Address Translation, NAT, traversal state through e.g. a NAT router or firewall, so that messages to that device can be sent to it at a temporary address and port number. However, both frequent polling of servers and NAT state refreshes are expensive from a device power consumption point of view, and they are an orders of magnitude more serious problem for network congestion than the frequent polling from current smart phones is.
A different approach is that the devices are visible on a public address in the IPv4 or IPv6 Internet or that the device is visible on some private network (e.g., a corporate Access Point Name, APN). Although using private networks and APNs is a possibility, it is often more expensive than using regular network access, and therefore difficult to employ, e.g. by small players.
However, direct connectivity to either the IPv4 or the IPv6 Internet has the drawback that it exposes the device to any harmful activity from scanners and attackers. To prevent this, there are mechanisms for allowing devices to control a firewall or NAT in front of them. For instance, the Internet Engineering Task Force, IETF, has recently defined the PCP, Port Control Protocol, mechanism. However, many of these mechanisms are focused on opening a specific address or port number, and therefore have limited mechanisms for protecting against attackers testing a known port. As a consequence, devices or clients need to have logic for handling unsolicited traffic in the device.